CERT Warns Of Tenda Firmware Backdoor

The CERT Coordination Center (CERT/CC) has disclosed a critical security issue affecting multiple Tenda networking devices. Tracked as CVE-2026-11405, the vulnerability stems from an undocumented backdoor in Tenda firmware that allows unauthenticated attackers to gain administrative access to a device’s web management interface. The flaw remains unpatched, prompting CERT to recommend immediate mitigation measures for affected users. 

According to CERT, the vulnerability impacts multiple Tenda routers, switches, and other networking products. Security researchers discovered the issue within the login function of the device’s web server binary, where the authentication process contains logic that can be exploited to bypass normal login requirements. 

CVE-2026-11405 Backdoor Enables Authentication Bypass 

The CERT advisory explains that the authentication mechanism behaves unexpectedly after a failed login attempt. Instead of rejecting the request, the firmware retrieves a password stored in the device’s configuration. 

It then compares only the password supplied by the user against the stored plaintext password. If the passwords match, the system grants administrator-level access without verifying the username. 

“The associated username is not validated, so any provided username will succeed when paired with the backdoor password. This backdoor authentication mechanism is not documented or visible through any administrative interface,” CERT/CC explained. 

Because of this behavior, CVE-2026-11405 allows attackers to bypass authentication entirely if they know or obtain the configured password. 

CERT Recommends Mitigations as No Patch Is Available 

Successful exploitation of CVE-2026-11405 could enable attackers to modify device configurations, change network settings, and disable security features. CERT warns that these capabilities could ultimately result in the compromise of a local network.

The organization also stated that it was unable to coordinate disclosure of the vulnerability with Tenda, and no security update has been released to address the flaw.

Until a patch becomes available, CERT advises users to disable remote web management to block unauthorized external access. It also recommends changing the default LAN IP address to reduce the likelihood of devices being identified by automated scanning tools.

CERT Also Discloses Unpatched HP Printer Flaw 

On Tuesday, CERT/CC disclosed another unpatched vulnerability affecting HP DeskJet 2800 series printers running firmware versions up to TBP1CN2612AR. The issue, tracked as CVE-2026-13753, is a missing authorization flaw that exposes sensitive administrative information.

According to CERT, attackers can send unauthenticated GET requests to multiple backend API endpoints, which return administrator configuration data without validating authentication or session state. The exposed information includes the Wi-Fi Direct SSID, plaintext passphrase, unique printer serial numbers, service IDs, and administrative password state details.

CERT/CC summarized the risk, stating, “This vulnerability allows unauthenticated access to the printer’s webserver API endpoints, exposing Wi-Fi credentials, management configuration details, and sensitive security data normally restricted to administrative users.”

Scroll to Top